Thomas Bruederli
|
7f992eac3d
|
Bump version + add CVE ID
|
7 years ago |
Aleksander Machniak
|
e757cc4101
|
Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins (#6026)
|
7 years ago |
Thomas Bruederli
|
4181f29608
|
Bump version to 1.1.9
|
8 years ago |
Thomas Bruederli
|
f1483204c7
|
Bump version to 1.1.8
|
8 years ago |
Thomas Bruederli
|
4c1394cf2d
|
Bump version to 1.1.7
|
8 years ago |
Thomas Bruederli
|
802d119153
|
Bump version to 1.1.6
|
8 years ago |
Aleksander Machniak
|
fbf89913a3
|
Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
Conflicts:
CHANGELOG
|
9 years ago |
Thomas Bruederli
|
25bc871ee7
|
Bump version to 1.1.5
|
9 years ago |
Aleksander Machniak
|
ead0846934
|
Plugin API: Add html2text hook (backport from master)
|
9 years ago |
Aleksander Machniak
|
c91d4975ff
|
Make sure an email address is valid when replacing it with mailto: link
|
9 years ago |
Aleksander Machniak
|
126d099e83
|
Fix PHP warning when defaults.inc.php is not readable
|
9 years ago |
Thomas Bruederli
|
699af1e520
|
Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
Conflicts:
plugins/enigma/enigma.js
plugins/enigma/lib/enigma_ui.php
program/lib/Roundcube/rcube_message.php
|
9 years ago |
Aleksander Machniak
|
d66793f0af
|
Fix missing emoticons on html-to-text conversion
|
9 years ago |
Thomas Bruederli
|
f2ff464002
|
Bump version to 1.1.4; update Changelog
|
9 years ago |
Aleksander Machniak
|
89a5dcb946
|
Fix path traversal vulnerability in setting a skin (#1490620)
Conflicts:
CHANGELOG
|
9 years ago |
Aleksander Machniak
|
70942083ce
|
After failed login wait a second to slow down brute-force attacks (#1490549)
|
9 years ago |
Aleksander Machniak
|
bbef212b0e
|
Fallback to C locale
|
9 years ago |
Aleksander Machniak
|
7bfe676d53
|
Fix various issues with Turkish (and similar) locales (#1490519)
|
9 years ago |
Thomas Bruederli
|
106d47992b
|
Bump version and update changelog
|
9 years ago |
Aleksander Machniak
|
19a61851ae
|
Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
|
9 years ago |
Aleksander Machniak
|
15fd8f9dc7
|
Fix XSS vulnerability in _mbox argument handling (#1490417)
|
10 years ago |
Aleksander Machniak
|
5529d94ed7
|
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
Conflicts:
CHANGELOG
|
10 years ago |
Thomas Bruederli
|
f1ae19dc6b
|
Bump version
|
10 years ago |
Aleksander Machniak
|
84af0db103
|
Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)
|
10 years ago |
Thomas Bruederli
|
c7a88ff0c2
|
Localize common error messages; improve explanation for CSRF check failures
|
10 years ago |
Thomas Bruederli
|
2c0861495b
|
Bump version for next release
|
10 years ago |
Aleksander Machniak
|
bbbd02bd6a
|
Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
|
10 years ago |
Aleksander Machniak
|
9e147a36ad
|
Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280)
|
10 years ago |
Thomas Bruederli
|
2f8b1036da
|
Bump version and copyright year
|
10 years ago |
Aleksander Machniak
|
09d52dbb67
|
Fix some typos in comments
|
10 years ago |
Thomas Bruederli
|
be140e827d
|
Don't reset 'plugins' config option when running from update.sh script
|
10 years ago |
Aleksander Machniak
|
c6efcf5e6d
|
Fix blocked.gif image usage with assets_dir set
|
10 years ago |
Thomas Bruederli
|
b737021a90
|
Improve plugin selection in installer; check already selected plugins
|
10 years ago |
Thomas B.
|
8e7ed506c4
|
Merge pull request #248 from flanpy/master
#1489096 : Ability to select plugins to enable in the installer
|
10 years ago |
Aleksander Machniak
|
7259529fad
|
Get rid of requests whitelist for security check bypass
|
10 years ago |
Aleksander Machniak
|
681ba6fc3c
|
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
|
10 years ago |
Aleksander Machniak
|
f7f4672649
|
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
|
10 years ago |
Aleksander Machniak
|
0b36d15157
|
Add method to display operation (uploading) progress in UI message
|
10 years ago |
Aleksander Machniak
|
2dfad0a564
|
Make upload progress text more compact.
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
|
10 years ago |
Aleksander Machniak
|
9e4246d957
|
Code improvements and fixes (mostly unused variables and methods)
|
10 years ago |
Flanpy
|
8f576d87d2
|
Add the ability to select plugins in the installer
|
10 years ago |
Flanpy
|
b8837e3f43
|
Add the ability to enable plugins in the installer
|
10 years ago |
Thomas Bruederli
|
8d526c4938
|
Fix skin path handling in plugin context (#1488967):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
|
10 years ago |
Aleksander Machniak
|
1ffab0ad4a
|
Fix possible issues in skin/skin_path config handling (#1490125)
|
10 years ago |
Aleksander Machniak
|
71dbeeee10
|
Skip unnecessary session updates on task switch - switch session task less often (#1490116)
|
10 years ago |
andryyy
|
383724eb97
|
Update rcmail.php
Typo
|
10 years ago |
Thomas Bruederli
|
91a449138e
|
Add output class for commandline scripts
|
10 years ago |
Aleksander Machniak
|
000f6ee304
|
Merge branch 'oracle'
|
10 years ago |
Aleksander Machniak
|
c2345747ac
|
Add Oracle driver check in Installer
|
10 years ago |
Thomas Bruederli
|
8ef203827f
|
Make noshow attribute for roundcube:label tags actually work as supposed
|
10 years ago |